Android Security Risks Increasing as Popularity Grows

Android, which has seen the number of Trojans targeting the platform nearly triple in just the last three months, is being targeted by attackers as high levels due to its large install base. That's according to Kaspersky Labs, which reported that the number of malware programs for Android skyrocketed from just more than 5,000 in Q1 of 2012 to nearly 15,000 in Q2.

Those statistics, Kaspersky says, "...Points to the fact that more virus writers are changing gear and focusing more on developing malicious programs for mobile devices." And Android's huge popularity makes it the juiciest target.

This is parallels to Windows security threats, Kaspersky says, in which the large install base attracts a growing black market for malware distribution. Unlike the Apple Store or forthcoming Windows Store, Android users of both smartphones and tablets can go to outside sources for apps: "The main channels of distribution are unofficial online app stores and affiliate programs," Kaspersky says. Many of the third-party app stores are in Asia.

About half of the threat detections were "multi-functional Trojans" which steal data from phones, while a smaller but growing number -- 18 percent -- of threats are backdoors, giving the attackers full control of a phone. It can then become part of a mobile botnet network.

One of the most popular Android malware programs is "Zitmo", which is essentially a mobile version of the infamous Zeus banking malware. Zitmo presents itself as an app called Android Security Suite Premium.

Android is the most popular smartphone in the world by far, with nearly 60 percent of the market, according to Q1 figures that show Android with 59 percent marketshare, followed by iOS at 23 percent share.

That data is buttressed by a study from the Cloud Security Alliance, a non-profit that tracks risks to cloud computing. CSA reported on the top threats to mobile computing, and mobile malware was No. 2 on its list, after lost, stolen or decommissioned devices.

Of interest to developers is the No. 3 overall risk: poorly-written third-party apps. The study says that apps often request or secretly obtain more data than they need.

About the Author

Keith Ward is the editor in chief of Virtualization Review. Follow him on Twitter @VirtReviewKeith.